Cybersecurity Lead / Vice President - Investment Mgmt Software - Charles River Development Cybersecurity Lead / Vice President - Investment  …

State Street Corporation
à Burlington, MA, États-Unis
CDI, Plein-temps
Soyez parmi les premiers à postuler
State Street Corporation
à Burlington, MA, États-Unis
CDI, Plein-temps
Soyez parmi les premiers à postuler
State Street Corporation
Cybersecurity Lead / Vice President - Investment Mgmt Software - Charles River Development
What we value
The Cybersecurity Lead is a senior level position responsible for overseeing security for a number of Charles River Development's computing environments (public cloud, managed hosting providers, or internal networks), and identifying, assessing, and reducing cyber security risks within these environments. The primary objective of this role is to help establish and operate a world class, automated, agile, and effective security processes that support a high-velocity culture. This position has direct responsibility for building, improving, and operating security program elements from identity and access management to data protection which is key to preserve client trust and reputation of CRD and State Street.
Why this job is important to us
The team you will be joining is an information security team whose remit spans from Charles River Development (or CRD) to other State Street business units within the same organizational hierarchy. CRD helps create enterprise investment management software solutions for large institutions in the areas of institutional investment, wealth management and hedge funds. Together we have created the first open front-to-back platform - State Street Alpha, that was launched in 2019. Join us if securing the next generation infrastructure, using emerging technologies sounds like a challenge you are up for.
What you will be responsible for
  • Providing quick, yet well-thought security risk feedback to internal partners informed by deep understanding of the business and risks, coupled with subject matter expertise, rather than FUD, and being accountable for these decisions
  • Serving as a recognized leader of the information security team and represent the function across State Street
  • Own the information security program within the CRD computing environments
  • Working with the IT teams for CRD computing environments, and using deep IT technical knowledge, building, improving, and operating risk-based security program elements across all security domains and layers from network through application and data.
  • Working in cooperation with the information security team in identifying and communicating vulnerabilities and track them to remediation across all CRD computing environments.
  • Designing and implementing policies, procedures, practices and controls to mitigate risk.
  • Creatively finding ways to automate security processes and reduce or eliminate manual or administrative steps
  • Supporting rollout of enterprise security solutions, such as privilege access management, SIEM, HSM, etc.
  • Reviewing, evaluating, providing security guidance on implementation of resilient, novel technologies in the cloud
  • Communicating information security vulnerabilities, threats, and risks to both technical and non-technical audiences
  • Managing and coordinating security incident response
  • Developing, collecting and communicating relevant strategic and operational security metrics relaying the health of the information security program across CRD environments.

What we value
  • The ideal candidate would have a good understanding of a software company or the financial services industry or both
  • Appreciation that security exists to support and protect the business
  • Keen eye on the context and all the relevant factors, and exhibiting practicality in making security risk and control decisions
  • Strong sense of ownership, being results-oriented, and accountable for outcomes, successful or not
  • Ability to build and maintain strong relationships with functional groups based on mutual trust
  • 5 to 7 years of hands-on experience in a technical information security manager role overseeing the security of hybrid cloud environments including IaaS and PaaS cloud models
  • Appreciation of agile and DevOps methodologies and implementing the tenets of these models to information security
  • Experience in deploying enterprise-grade security solutions as complicated as SIEM and HSMs
  • Good understanding and experience in aligning to industry frameworks and standards such as NIST cybersecurity framework, ISO 27001, SOC audit principles, FIPS 140-2
  • Having a command of common scripting languages in order to be able to automate manual security processes
  • Deep technical knowledge of the full IT stack from Layer 2 switching through Layer 7 application and data, and having implemented relevant security controls across all these layers
  • Experience in security risk management informed by the criticality of systems, threats to them, vulnerabilities in them, and the likelihood and impact of the threats exploiting the vulnerabilities.
  • Strong analytical and problem solving skills
  • Ability to communicate professionally with all levels of the organization
  • A technical base that will allow quick learning and grasp of new technologies

Education & Preferred Qualifications
Four (4) year degree in a technical field such as Computer Science.
Descriptif de l'entreprise

From technology and product innovation to corporate responsibility and community development, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people - strengthening markets, building communities and creating opportunities for growth.

We owe that longevity to the commitment, expertise and creativity of our employees. Our continued success depends on our ability to attract and develop the best talent in the industry. That's why we're keenly focused on employee development, corporate citizenship and inclusion.

For us, success comes in the mark we make as an organization - for the industry, our clients, our communities and each other.